Informationsteknologi Cloudcomputing Referencearkitektur

Dansk standard DS/ISO/IEC 17789 1. udgave 2014-10-21 Informationsteknologi Cloudcomputing Referencearkitektur Information technology Cloud computing Reference architecture

DS/ISO/IEC 17789 København DS projekt: M283724 ICS: 35.100.05 Første del af denne publikations betegnelse er: DS/ISO/IEC, hvilket betyder, at det er en international standard, der har status som dansk standard. Denne publikations overensstemmelse er: IDT med: ISO IEC 17789:2014. DS-publikationen er på engelsk. DS-publikationstyper Dansk Standard udgiver forskellige publikationstyper. Typen på denne publikation fremgår af forsiden. Der kan være tale om: Dansk standard standard, der er udarbejdet på nationalt niveau, eller som er baseret på et andet lands nationale standard, eller standard, der er udarbejdet på internationalt og/eller europæisk niveau, og som har fået status som dansk standard DS-information publikation, der er udarbejdet på nationalt niveau, og som ikke har opnået status som standard, eller publikation, der er udarbejdet på internationalt og/eller europæisk niveau, og som ikke har fået status som standard, fx en teknisk rapport, eller europæisk præstandard DS-håndbog samling af standarder, eventuelt suppleret med informativt materiale DS-hæfte publikation med informativt materiale Til disse publikationstyper kan endvidere udgives tillæg og rettelsesblade DS-publikationsform Publikationstyperne udgives i forskellig form som henholdsvis fuldtekstpublikation (publikationen er trykt i sin helhed) godkendelsesblad (publikationen leveres i kopi med et trykt DS-omslag) elektronisk (publikationen leveres på et elektronisk medie) DS-betegnelse Alle DS-publikationers betegnelse begynder med DS efterfulgt af et eller flere præfikser og et nr., fx DS 383, DS/EN 5414 osv. Hvis der efter nr. er angivet et A eller Cor, betyder det, enten at det er et tillæg eller et rettelsesblad til hovedstandarden, eller at det er indført i hovedstandarden. DS-betegnelse angives på forsiden. Overensstemmelse med anden publikation: Overensstemmelse kan enten være IDT, EQV, NEQ eller MOD IDT: Når publikationen er identisk med en given publikation. EQV: Når publikationen teknisk er i overensstemmelse med en given publikation, men præsentationen er ændret. NEQ: Når publikationen teknisk eller præsentationsmæssigt ikke er i overensstemmelse med en given standard, men udarbejdet på baggrund af denne. MOD: Når publikationen er modificeret i forhold til en given publikation.

INTERNATIONAL STANDARD ISO/IEC 17789 First edition 2014-10-15 Information technology Cloud computing Reference architecture Technologies de l'information Informatique en nuage Architecture de référence Reference number ISO/IEC 17789:2014(E) ISO/IEC 2014

ISO/IEC 17789:2014(E) COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2014 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO s member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyright@iso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2014 All rights reserved

CONTENTS ISO/IEC 17789:2014 (E) 1 Scope... 1 2 Normative references... 1 2.1 Identical Recommendations International Standards... 1 2.2 Additional references... 1 3 Definitions... 1 3.1 Terms defined elsewhere... 1 3.2 Terms defined in this Recommendation International Standard... 1 4 Abbreviations... 2 5 Conventions... 2 6 Cloud computing reference architecture goals and objectives... 3 7 Reference architecture concepts... 4 7.1 CCRA architectural views... 4 7.2 User view of cloud computing... 5 7.3 Functional view of cloud computing... 7 7.4 Relationship between the user view and the functional view... 8 7.5 Relationship of the user view and functional view to cross-cutting aspects... 8 7.6 Implementation view of cloud computing... 9 7.7 Deployment view of cloud computing... 9 8 User view... 9 8.1 Introduction to roles, sub-roles and cloud computing activities... 9 8.2 Cloud service customer... 10 8.3 Cloud service provider... 14 8.4 Cloud service partner... 21 8.5 Cross-cutting aspects... 23 9 Functional view... 29 9.1 Functional architecture... 29 9.2 Functional components... 30 10 Relationship between the user view and the functional view... 38 10.1 General... 38 10.2 Overview... 38 Annex A Further details regarding the user view and functional view... 44 A.1 The cloud service customer cloud service provider relationship... 44 A.2 The provider peer provider (or "inter-cloud") relationship... 47 A.3 The cloud service developer cloud service provider relationship... 50 A.4 The cloud service provider Auditor relationship... 51 Bibliography... 53 Page Rec. ITU-T Y.3502 (08/2014) iii

ISO/IEC 17789:2014(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 17789 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 38, Distributed application platforms and services (DAPS), in collaboration with ITU-T. The identical text is published as ITU-T Rec. Y.3502 (08/2014). iv ISO/IEC 2014 All rights reserved

ISO/IEC 17789:2014 (E) INTERNATIONAL STANDARD RECOMMENDATION ITU-T Information technology Cloud computing Reference architecture 1 Scope This Recommendation International Standard specifies the cloud computing reference architecture (CCRA). The reference architecture includes the cloud computing roles, cloud computing activities, and the cloud computing functional components and their relationships. 2 Normative references The following Recommendations and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid ITU-T Recommendations. 2.1 Identical Recommendations International Standards Recommendation ITU-T Y.3500 (2014) ISO/IEC 17788:2014, Information technology Cloud computing Overview and vocabulary. 2.2 Additional references ISO/IEC 29100:2011, Information technology Security techniques Privacy framework. 3 Definitions For the purposes of this Recommendation International Standard, the terms and definitions in Rec. ITU-T Y.3500 ISO/IEC 17788 and the following definitions apply. 3.1 Terms defined elsewhere The following term is defined in ISO/IEC/IEEE 42010: 3.1.1 architecture: Fundamental concepts or properties of a system in its environment embodied in its elements, relationships and in the principles of its design and evolution. The following term is defined in ISO/IEC 29100: 3.1.2 personally identifiable information (PII): Any information that (a) can be used to identify the PII principal to whom such information relates, or (b) is or might be directly or indirectly linked to a PII principal. NOTE To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder holding the data, or by any other party, to identify that natural person. 3.2 Terms defined in this Recommendation International Standard This Recommendation International Standard defines the following terms: 3.2.1 activity: A specified pursuit or set of tasks. 3.2.2 cloud service product: A cloud service, allied to the set of business terms under which the cloud service is offered. NOTE Business terms can include pricing, rating and service levels. 3.2.3 functional component: A functional building block needed to engage in an activity (clause 3.2.1), backed by an implementation. Rec. ITU-T Y.3502 (08/2014) 1